1. Technical Field
This disclosure relates generally to web application security and in particular to a method and system for decomposing a web application into protected components.
2. Background of the Related Art
Cross-Site Scripting (XSS) is a web application vulnerability that allows malicious users to inject code into pages that are viewed by other users. In many classifications, it is recognized as a top web application vulnerability class. The most severe consequences of XSS issues are that an attacker is able to make a legitimate user's browser perform operations that change application state on behalf of that user, or that make a user's browser disclose private data.
There are several known methods to protect against an XSS attack. One approach is referred to as input filtering. This approach involves checking web application input for malicious data and rejecting or filtering it as needed. The input filtering method, however, cannot guarantee full protection, and it may be overly aggressive (to the point of being useless) if input data is used by the web application in multiple contexts (e.g. HTML and JavaScript). An alternative approach is to use client-side protection, whereby users equip their browsers with extensions that automatically detect attack attempts. The client-side approach, however, does not work properly with some types of XSS attacks, especially persistent XSS, where injected code is not passed through input parameters.
Yet another approach, and the one which is the best known solution, is referred to as output escaping. XSS attacks happen when the application fails to escape its output and an attacker puts HTML and/or JavaScript on the site, which code then runs in the site visitors' web browsers. Output escaping stops this from happening by making sure that the application never sends commands (HTML) when it only intends to send plaintext. This approach is designed to ensure that content rendered by the application never contains code (even when code appears in the input). To be implemented successfully, however, this solution requires significant attention from developers and an active approach from test teams.
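As an added illustration that is not part of this disclosure, the following JavaScript shows the output-escaping approach together with the multi-context problem noted above for input filtering: one untrusted value is rendered both into an HTML text node and into a JavaScript string literal, and each sink gets its own encoder. All function and variable names, and the sample display name, are the example's own constructions.

```javascript
// Added example (not from the original disclosure): context-aware output
// escaping. The same untrusted value reaches two sinks, an HTML text node and a
// JavaScript string literal, and each sink is escaped for its own context.
// One generic input filter cannot serve both contexts correctly.

// Escape for an HTML text or attribute-value context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Escape for a JavaScript string literal inside a <script> block. Every
// character outside [A-Za-z0-9] becomes \xHH or \uHHHH, so the value can
// neither close the literal nor the surrounding <script> element.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Vulnerable rendering: the untrusted displayName is concatenated unescaped
// into both contexts (the failure mode the text describes).
function renderProfileUnsafe(displayName) {
  return `<p>Hello, ${displayName}</p>\n` +
         `<script>var user = '${displayName}';</script>`;
}

// Hardened rendering: each sink is escaped for the context it lands in.
function renderProfileSafe(displayName) {
  return `<p>Hello, ${escapeHtml(displayName)}</p>\n` +
         `<script>var user = '${escapeJsString(displayName)}';</script>`;
}

// Constructed sample input: a display name containing a quote and markup.
const SAMPLE_NAME = "O'Brien <b>&</b>";

// Check whether untrusted markup survived rendering: after removing the
// template's own fixed <p> and <script> tags, any '<' or '>' left over came
// from the untrusted value.
function containsRawMarkup(html) {
  const body = html.replace(/<\/?(p|script)>/g, '');
  return /[<>]/.test(body);
}
```

Running `renderProfileSafe(SAMPLE_NAME)` yields `<p>Hello, O&#x27;Brien &lt;b&gt;&amp;&lt;/b&gt;</p>` for the HTML sink, while the unsafe variant emits the markup (and a broken JavaScript string) verbatim.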
The above-described techniques show that, even with significant effort, it is difficult to eliminate XSS completely. The problem is exacerbated if the web application is created with software from different vendors.
Yet another solution is generally referred to as sandboxing of content in different domains. One available version of this approach is implemented in iGoogle, by which users can design a personalized web page. The primary goal of sandboxing is to separate page elements coming from different vendors into separate domains and to merge them on one page with inline frames using standard HTML iframe tags. This approach takes advantage of the web browser's native origin-policy constraints: it isolates page parts from each other as well as from the parent page. Although widely used, the technique has proven difficult to adopt for use with regular applications, as it requires splitting applications into parts and then merging those parts back together. Such work is time-consuming and creates support issues, as the page needs to be separated according to security requirements as opposed to its logical structure.
The techniques disclosed herein address these and other deficiencies of the known prior art.